Display device and funds transaction device including the display device

ABSTRACT

A display device is disclosed which may be used in a mobile telephone or other article which is intended to make secure transactions such as financial transactions, as well as other personal transactions such as telephone calls. The device includes a display ( 24 ) for displaying information, a financial transaction controller ( 26 ) including a processor ( 28 ), a display driver ( 30 ) for driving the display ( 24 ) and a secure memory ( 32 ). The financial transaction controller allows the display section ( 24 ), and an input keypad ( 12 ), to operate under the control of the device to enable personal functions other than financial transactions to be performed. However, in the event of a financial transaction, the financial transaction controller takes over control of the display section ( 24 ) and the input keypad ( 12 ) so that the financial transaction can be performed while the device is under the control of the financial transaction controller to thereby prevent tampering with or tapping off of data, and also the display of information other than under the control of the financial controller.

FIELD OF THE INVENTION

This invention relates to a display device and funds transaction deviceincluding the display device, which enable financial transactions, suchas EFTPOS transactions to be performed.

BACKGROUND ART

The technology required to transfer monies between one account toanother is referred to as Electronic Funds Transfer (EFT). A device thatis used for EFT to facilitate the payment of goods without therequirement of ‘cash’ money to change hands between the buyer and theseller is known as an Electronic Funds Transfer at the Point Of Sale(EFTPOS) device. EFTPOS networks are used around the world.

An EFTPOS device can be summarized as a device that accepts both secure(e.g., customer PINs) and insecure data (e.g., transaction amounts) froma keypad and sends this information to a banking EFTPOS network in aformat that informs that network to perform a banking transaction.Secure information is encrypted, and messages are usually authenticatedwith a Message Authentication Code (MAC) that is the result of amodified encryption of the entire message. These encryption keys existas part of a hierarchy that allows for the EFTPOS network to changetheir values throughout the life of the product. The EFTPOS device mustensure the safe keeping of these banking keys at all times.

As only secure data is returned from the keypad in an encrypted form,the EFTPOS device must be configured to prevent the customer fromentering any secure information (e.g., PIN) when it is waiting forinsecure information to be entered. That is, the EFTPOS device mustallow for the customer to discern the difference between secure dataentry and insecure data entry. Most usually this is achieved through theuse of secure prompts. For example, an EFTPOS device will allow insecuredata entry only when the user prompt has been checked by the bankingauthority to ensure that it contains no ambiguity as to its insecurenature. Therefore, a banking authority would not allow any “secureprompt” that contained an expression similar to ‘Enter PIN’, as thiscould be used to prompt the customer to enter their PIN when it wouldnot be encrypted.

Thus an EFTPOS device can be said to have the following tasks:

-   -   1) The entry of data from a keypad;    -   2) The prompting of user actions via a display; and    -   3) The selective encryption of data, using stored banking keys.

As an EFTPOS device is used to facilitate the transfer of funds betweenaccounts, it is often the target of criminal elements wishing to gainfraudulent access to monies. It is important, then, to understand thatthe following areas of an EFTPOS device may be open to attack or misuseby such elements:

-   -   1) Secure data entered on the keypad may be intercepted prior to        encryption;    -   2) Secure prompts may be altered in an attempt to have the user        enter secure data when no encryption is to take place (this        alteration could be made to the secure prompt when in-situ of        the EFTPOS controller, or en-route to the display); and    -   3) Banking keys may be extracted from the EFTPOS controller,        allowing the attacker to decrypt secure data, and ‘forge’        messages to the bank.

These attacks are usually prevented by encapsulating the keypad, displayand controller within a physically secure casing. The aim of this casingis to detect any attempt to tamper with the device, and render thedevice inoperable if such an attempt occurs. For this reason EFTPOSdevices are usually stand alone devices and used only for the purpose offinancial transactions. However, in recent times with the increase ofcommunication technology and communication networks, consideration hasbeen given to enabling EFTPOS transactions to be performed by a personusing his or her mobile telephone.

The integration of EFTPOS functionality into personal devices such asmobile phones has hitherto not been accomplished, due mainly to theinability to prevent the attacks outlined above. The physical securingof the casing is too expensive for such a consumer device, and oftencomplicates servicing.

The object of the invention is to provide a display device and apersonal device, such as a mobile phone, which enables EFTPOStransactions to be performed with the required degree of security.

SUMMARY OF THE INVENTION

The invention may be said to reside in a display device for a personaldevice intended to perform financial transactions as well as personalfunctions other than financial transactions, the personal deviceincluding an input for receiving information from a user the displaydevice including;

-   -   a display section for displaying information to a user;    -   a financial transaction controller coupled to the display; and    -   the financial transaction controller being for selectively        allowing the display section and input means to operate under        the control of the personal device to enable personal functions        other than financial transactions to be performed, and being for        taking over control of the display section and the input means        so that the personal device can perform a financial transaction        whilst the display section and input means are under the control        of the controller to thereby prevent the tampering with or        tapping off of data entered into the input means or stored in        the financial transaction controller during the performance of a        financial transaction and also the display of information on the        display section other than under the control of the financial        controller.

Thus, according to this aspect of the invention the display device canbe used in personal devices such as mobile telephones so that the mobiletelephone can act in a normal fashion to make telephone calls, receiveand forward text messages, etc. and, be placed into a secure conditionfor the performance of a financial transaction by taking over control ofthe display section and the input means. Thus the display section andinput means cannot be accessed by the remainder of the personal deviceand information cannot be tapped off or manipulated by other componentsof the personal device during the performance of a financialtransaction. The display device of the present invention enables apersonal device such as a mobile telephone to be used as an EFTPOSterminal whilst maintaining the required security of data inputted intothe device to perform the transaction, and also security of software,including encryption keys, which are required in order to perform thefinancial transaction. Thus, this enables a personal device such as amobile telephone to be constructed which can also perform securefinancial transactions simply by using the display device according tothis invention in place of a conventional display device, whilstotherwise maintaining the mobile telephone in conventionalconfiguration. Thus, additional security to the mobile phone is notrequired in order for the mobile phone to perform secure financialtransactions.

In the preferred embodiment of the invention the financial controller isan EFTPOS controller and includes a processor, a display driverconnected to the processor and also connected to the display section fordriving the display section to display information, and a secure memorycoupled to the processor for storing secure data and/or software.

Preferably the personal device includes controlling electronics, and thedisplay device includes coupling means for coupling the processor withboth the input means and the controlling electronics of the personaldevice.

Preferably the controller is physically attached to the display section.

In the most preferred embodiment the controller is physically attachedto the display section by integrating the controller into the displaysection.

Preferably the controller is integrated into the display section byconnecting the controller to the display section by means of attachingit to a printed circuit board that would normally house a displaycontroller for controlling the display section.

Most preferably the display section is a liquid crystal display having aglass face and the controller is directly mounted onto the glass face ofthe liquid crystal display by a chip on glass process. Chip on glassprocesses are well known and therefore need not be further describedherein.

The financial controller may be backed with an epoxy resin. The mountingof the controller may also include mounting in a flip chip configurationor providing a penetration detecting mesh formed on the controller. Onceagain, these techniques are well known and will not be described infurther detail hereinafter.

The use of the epoxy resin, the flip chip configuration or thepenetration detecting mesh further secure the controller and secures thedata in the controller from attack.

Preferably the display device is mounted to the controlling electronicsby a zero insertion force connector so that disassembly of the personaldevice will result in disconnection of the display device from thecontrolling electronics circuit board which can provide a trigger tocause data within the financial controller to be erased to prevent thedata from being illegally accessed.

The erasing of data in the financial transaction controller can beachieved by a circuit loop-back in the zero insertion force connector sothat the circuit is connected to the display device and completed in thedevice upon which the display section is mounted. Thus any removal ofthe display device will result in the circuit connection being brokenand this disruption of the circuit is detectable by the controller onthe display device to thereby result in the controller causing data,such as banking keys, to be erased so they cannot be illegally accessed.

Preferably, the input means with which the display device will be usedin the personal device is a keypad. Most preferably the keypad isconfigured in accordance with the keypad disclosed in Internationalpatent application number PCT/AU01/00301, the contents of which areincorporated into this specification by reference in their entirety.

Security data and security software may also be loaded into thefinancial controller in accordance with the teachings in Internationalpatent application number PCT/AU01/00317, the contents of which areincorporated into this specification by reference in their entirety.

Preferably the financial controller is in the form of an applicationspecific integrated circuit (ASIC).

In alternate embodiments the financial controller may be hybrid circuit.

In the preferred embodiment the financial transaction controller isconfigured so that it can control a multiplicity of the differentdisplays thereby enabling the controller to be used with a variety ofdifferent display devices which may be intended for use in differenttypes of personal devices.

Preferably, the personal device includes a communication means fortransmitting data relating to the financial transaction to a financialtransaction network and for receiving data from the financialtransaction network. If the personal device is a mobile telephone, thecommunication means comprises the mobile telephone itself so that datawhich is assembled and encrypted by the financial controller is suppliedto the controlling electronics of the mobile telephone for transmissionby way of a mobile telephone call to the EFTPOS network and forreceiving data back from the EFTPOS network by way of a mobile telephonecall.

Thus, secure data is encrypted by the financial controller and forwardedto the controlling electronics of the mobile phone in encrypted statefor transmission in a telephone call to the EFTPOS network. Securitydata transmitted back from the network is encrypted and received by thecontrolling electronics and forwarded to the financial controller in anencrypted state where it is processed by the financial controller. Thus,whilst the controlling electronics of the mobile phone are used totransmit and receive data that data is in an encrypted state andtherefore secure before it is supplied to the controlling electronics ofthe mobile telephone.

In the preferred embodiment of the invention the device includes acontroller input for activation by an operator to place the displaydevice into a secure condition for performing a financial transaction.The controller input may be a menu item which can be displayed on thedisplay as a person scrolls through a menu or an input button or thelike on the device which is activated by the user.

Upon activation of the controller input the processor of the financialcontroller disconnects the controlling electronics of the personaldevice from the display section and the input means and takes overcontrol of the input means and display section so that the financialtransaction can be performed.

The invention, in a further aspect, may be said to reside in a financialtransactions device for performing financial transactions as well aspersonal functions other than financial transactions, the deviceincluding:

-   -   an input means for the entry of data into the device;    -   a display section for displaying information to a user;    -   a financial transaction controller coupled to the display;    -   input means for the entry of data coupled to the controller;    -   personal device controlling electronics coupled to the financial        transaction controller, for controlling the device to perform        personal functions other than financial transactions; and    -   the financial transaction controller being for selectively        allowing the display section and input means to operate under        the control of the controlling electronics to enable personal        functions other than financial transactions to be performed, and        being for taking over control of the display section and the        input means for preventing the controlling electronics from        accessing the display and the input means so that the personal        device can perform a financial transaction whilst the display        section and input means are under the control of the controller        to thereby prevent the tampering with or tapping off of data        entered into the keypad or stored in the financial transaction        controller during the performance of a financial transaction and        also the display of information on the display section other        than under the control of the financial controller.

Preferably, the financial transaction controller includes a processor, adisplay driver coupled to the processor and the display section, and asecure memory for storing software and/or data, coupled to theprocessor.

Preferably the controller is physically attached to the display section.

In the most preferred embodiment the controller is physically attachedto the display section by integrating the controller into the displaysection.

Preferably the controller is integrated into the display section byconnecting the controller to the display section by means of attachingit to a printed circuit board that would normally house a displaycontroller for controlling the display section.

Most preferably the display section is a liquid crystal display having aglass face and the controller is directly mounted onto the glass face ofthe liquid crystal display by a chip on glass process. Chip on glassprocesses are well known and therefore need not be further describedherein.

The controller electronics which operate the personal device preferablycomprises, with the display section and input means, all of theelectronics required in order to operate the personal device forperforming personal functions other than financial transactions.

The invention may also be said to reside in a mobile telephone forperforming financial transactions as well as mobile telephone callsother than financial transactions, the mobile telephone including:

-   -   an input means for the entry of data into the mobile telephone;    -   a display section for displaying information to a user;    -   controlling electronics for enabling a mobile telephone call to        be performed with the mobile telephone;    -   a financial transaction controller coupled to the display        section for selectively enabling the input means and the display        to be coupled to the controlling electronics to enable mobile        telephone calls other than financial transactions to be        performed and for selectively disconnecting the controlling        electronics from the display section and input means and taking        over control of the display section and input means so that a        financial transaction can be performed under the control of the        financial controller without the controlling electronics of the        mobile telephone being able to access the display section or the        input means.

Preferably, the financial transaction controller includes an EFTPOScontroller, a display driver coupled to the EFTPOS controller and to thedisplay section, and a secure memory coupled to the processor forstoring security software and/or data.

Preferably, the coupling means is provided for coupling the processorwith both the keypad and the controlling electronics of the personaldevice.

Preferably, the controller is physically attached to the displaysection.

In the most preferred embodiment, the controller is physically attachedto the display section by integrating the controller into the displaysection.

Preferably, the controller is integrated into the display section byconnecting the controller to the display section by means of attachingit to a printed circuit board that would normally house a displaycontroller for controlling the display section.

Most preferably, the display section is a liquid crystal display havinga glass face and the controller is directly mounted onto the glass faceof the liquid crystal display by a chip on glass process. Chip on glassprocesses are well known and therefore need not be further describedherein.

Preferably the financial transaction controller enables communicationbetween the controlling electronics, the display section and the inputmeans during the performance of personal functions other than financialtransactions.

Preferably, when the device is in the secure condition for performing afinancial transaction, the controlling electronics cannot access thedisplay section or the input means but the financial controller canoutput data to the controlling electronics so that the data can betransmitted in a mobile telephone call to a financial system network.

Preferably the input means comprises a keypad.

However, in other embodiments the input means may be integrated into thedisplay device and be in the form of a touch screen provided in thedisplay section.

BRIEF DESCRIPTION OF THE DRAWINGS

A preferred embodiment of the invention will be described, by way ofexample, with reference to the accompanying drawings in which;

FIG. 1 is a circuit block diagram according to one embodiment of theinvention;

FIG. 2 is a view of a personal device such as relevant parts of a mobiletelephone;

FIG. 3 is a back view of a display device according to the preferredembodiment;

FIG. 4 is a front view of the display device of FIG. 3;

FIG. 5 is a side view of the display device of FIGS. 3 and 4;

FIG. 6 is an enlarged view of part of the display device of FIG. 4;

FIG. 7 is a block circuit diagram of the preferred embodiment; and

FIG. 8 is a flow chart explaining operation of the diagram of FIG. 7.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

With reference to FIG. 1 a block diagram of a personal device such as amobile telephone is shown which includes a secure display device forenabling financial transactions such as EFTPOS transactions to beperformed.

The mobile telephone includes a personal device section 10 which enablesmobile telephone calls to be made and received. The personal device 10also includes a keypad 12 into which data such as a telephone number ordata to forward a text message or the like can be input. The personaldevice 10 also includes controlling electronics 11 which areconventional electronics which process and receive incoming and outgoingcalls and operate the mobile telephone in accordance with conventionalprotocols.

A secure display device 20 is located in the mobile telephone in placeof a conventional display which would otherwise be used with the mobiletelephone. The secure display 20 enables financially secure transactionsto be performed with the mobile telephone without fear that data can beillegally tapped from the mobile telephone (during the performance of afinancial transaction) or that incorrect or bogus data could be suppliedto the mobile telephone to cause a user to input security information,which could then be illegally accessed by another party.

The display section 20 is coupled to the controlling electronics 11 andthe keypad 12 by a connection such as a zero insertion force connector,for example, a zebra strip type connector schematically shown byreference 22 in FIG. 1.

The display section 20 includes a display 24, preferably in the form ofa liquid crystal display, and an EFTPOS controller 26. The EFTPOScontroller 26 includes: a processor 28 (which is connected to thecontrolling electronics 11 of the mobile telephone 10 by the connector22), a display driver 30 (which is coupled to the processor 28 and alsoto the display 24 for driving the display 24), and a secure memory 32(which is coupled to the processor 28 for storing security data and/orsoftware).

In the preferred embodiment of the invention, the keypad 12 ispreferably configured so that it is not possible to illegally determinewhich keys of the keypad 12 are depressed during the input ofinformation into the keypad 12. Most preferably, the keypad 12 isconfigured in accordance with the keypad disclosed in the aforementionedInternational application number PCT/AU001/00301.

The secure memory 32 is loaded with security software and data, such asencryption keys, in a secure environment to enable the financialtransaction and, in particular, an EFTPOS transaction, to be performedwith the mobile telephone. This data is loaded when the secure displaydevice 20 is manufactured and before the device is assembled into amobile telephone. However, the software and data could be loaded afterassembly of the display device 20, into the mobile telephone, ifdesired.

Preferably, the security software and data is loaded into the securememory 32 in accordance with the teachings of the aforesaidInternational patent application number PCT/AU01/00317.

In order to perform a mobile telephone call that is not a financialtransaction, the mobile telephone is used in the conventional way. Inthis condition, the controlling electronics 11 is coupled to the displaydriver 30 and to the display 24 by the processor 28. The controllingelectronics 11 can also control the keypad 12, via the processor 28, sothat telephone numbers, data for text messages and the like, as well asnormal control functions of the mobile telephone can be performed.

When it is desired to perform a financial transaction, such as an EFTPOStransaction which will transfer funds from one person's bank account toanother person's bank account in order to pay for the purchase of goodsor services, the mobile telephone is activated to place the mobiletelephone into the secure condition. This is performed by depression ofa button (not shown) or other input device on the mobile telephone or byscrolling through a menu of the mobile telephone until an EFTPOStransaction is displayed and selected. When the mobile telephone isplaced into the secure condition, the processing unit receives dataeither by way of the menu selection or the depression of the button,etc. and acts to disconnect the display 24 and keypad 12 from thecontrolling electronics 11 of the mobile telephone and also takes overcommand of the display 24 and keypad 12 so that they cannot operateunder the command of the controlling electronics 11 of the mobiletelephone.

In order to show that the mobile telephone is in the secure condition,an icon, such as a padlock or other indicating device to clearlyindicate to a user that the device is properly placed in the securecondition, may be displayed on the display 24 (as is shown in FIG. 6).Preferably, the icon is displayed by way of a single pixel which is onlyever under the control of the EFTPOS controller 26 so that it can onlybe activated when the device is placed in the secure condition. Mostpreferably the pixel is a large pixel so that it is sufficiently big tobe easily observed by a user.

When the device is in the secure condition, the processor 28 effectivelyacts as a switch to switch off the controlling electronics 11 from thekeypad 12 and display 24 until the user indicates that the securecondition is no longer required. When in the secured condition, theEFTPOS controller 26 takes over control of the keypad 12 and the display24 and causes the required prompts to be displayed on the display 24 forperforming of financial transactions. These prompts will enable theinput of data relating to the user's bank account which can be performedby swiping an EFTPOS card or credit card, the encryption of that dataand the transferring of that data to the controlling electronics 11 ofthe mobile telephone so that the data can be transmitted by way of amobile telephone call to an EFTPOS network. Similarly, the processor 28will then prompt the user to input a pin into the keypad 12, which isencrypted and transmitted (by way of a mobile telephone call) to theEFTPOS network. Unsecure data, such as the purchase amount, may then beinput and transmitted. The manner in which the data is assembled andtransmitted is conventional and therefore need not be described in anyfurther detail herein.

The data received back from the network will include the fact that thetransaction has been approved which can also be displayed on the display24.

Because the financial transaction is under the control of the EFTPOScontroller 26 and the controlling electronics 11 of the mobile telephoneis completely disconnected from the operation of the financialtransaction, bogus messages which would prompt a user to input secureinformation when secure information is not actually called for cannot bemade. This would, otherwise, enable secure information to possibly beinput and transmitted unencrypted so that it could be accessed byunauthorized parties. This can be prevented from happening because thedisplay 24 cannot be accessed by the controlling electronics andtherefore any attempt to transmit a message to the mobile telephone andinto the controlling electronics so that the controlling electronicswill control the display, such as text message or the like, will not bereceived by the display. Similarly, the controller ensures that therequired security data is properly encrypted before supply to thecontrolling electronics 11 and transmission from the mobile telephone.

Thus, the EFTPOS controller 26 contains all the necessary components andlogic functions to perform EFTPOS transactions, as well as scan thekeypad 12 and control the display 24 to which it is attached. Thecontroller 26 itself is secured against attack through the use ofdetection technology, such as penetrating protecting die meshes formedover the circuit(s) to detect removal of the display section 24 from thepersonal device compartment 10 of the mobile telephone. The epoxy resinbacking on security sensitive components, such as the processor 28 andsecure memory 32, or most preferably on the entire controller 26, mayalso be provided.

FIG. 2 shows a diagram of a mobile telephone (that is the relevant partsof the mobile telephone), which the invention may be used. The displaydevice 20 includes the liquid crystal display 24 which is mounted onto aprinted circuit board 40 which carries the controlling electronics 11and keypad 12 of the mobile telephone 10. As previously mentioned thedisplay section 20 is connected to the controlling electronics (andtherefore to the board 40), by the zero insertion force connector 22.

FIG. 3 shows a rear view of the display device 20 in which the connector22 is schematically shown for coupling the display device 20 to thecontrol electronics 11 and keyboard 12. The EFTPOS controller 26 is alsoschematically shown connected to glass face 21 of the liquid crystaldisplay 24 by way of a chip on glass mounting method.

FIG. 4 shows a front view of the display device 20 which illustrates theviewable area of the display 24.

FIG. 5 shows a side view of the display section 20.

In FIG. 6 a part of the display 24 viewable area is shown which featuresthe secure indicator 50 which may be in the form of a representation ofa padlock or any other suitable device and, which as noted above, ispreferably formed as a single pixel which can be activated under thecontrol of the processor 28, but which cannot be activated by thecontrolling electronics 11 of the mobile telephone 10. In this manner,the security indicator 50 cannot be caused to be displayed other thanwhen the user actually selects the security condition of the mobiletelephone to perform an EFTPOS transaction. Thus, the secure indicator50 is an icon which is a singularly addressably formed icon on thedisplay 24 and is not a graphical representation formed from multiplepixels.

With reference to FIGS. 7 and 8 (which show a block diagram of thepreferred embodiment of the invention and a flow chart explainingoperation of the diagram of FIG. 7, respectively), keypad 12 isseparated from the controlling electronics 11 by connector 22, aspreviously described. The connector 22 connects the keypad 12, viainterface lines 60, to processor 28. The personal device keypad controlcircuitry and other controlling electronics 11 are also connected to theprocessor 28, via the connector 22, as is bus 19 which forwards data tothe display 24 under the control of the electronics 11. The interfacelines 60 are connected to lines 62 which in turn connect to theelectronics 11 by lines 63, which include field-effect transistors 64.In usual operation, signals from the keypad 12 can travel via lines 60,63, transistors 64 and lines 62 to the controlling electronics 11. Thesesignals are then processed by the controlling electronics 11 and mayresult in an output to the display 24 on bus 19. The bus 19 connectswith data lines 65 and address lines 66. The data lines 65 each includefield-effect transistors 67 and the field-effect transistors 67 areconnected to line 69 which in turn connects to the processor 28. Line 70from the processor 28 also connects to each of the transistors 64.

Line 69 also connects to field effect transistors 72 which are providedin address lines 66.

The processor 28 also connects to memories 32 via data bus 78 andaddress bus 79. The data bus 78 also connects to a series offield-effect transistors 80 and then, via bus 81, to display 24. Bus 79also connects field-effect transistors 83 to bus 85, which in turn isconnected to display 24.

Line 69 breaks into a first branch 69 a which connects with thetransistors 67 and a second branch 69 b which connects with thetransistors 72. The branch 69 b includes an inverter 89, which isconnected via lines 91 and 92 to the transistors 83.

All the field-effect transistors described above function asbi-directional switches and in usual operation allow flow of signalsfrom the keypad 12 to the controlling electronics 11 and from the databus 19 to the display 24 so that the display 24 can be used as displayinformation under control of the electronics 11, such as when telephonecalls are made, etc.

One of the address lines 66 (that labelled 66′) is connected an inverter104, which in turn connects with a field-effect transistor 105 in LCDenable line 106. The line 106 connects with one of the transistors 72and then to the enable port of the display 24 (i.e., the same port towhich line 114 connects) to produce an enable signal to the display 24.When the signal on line 106 is high the display 24 is enabled so thatthe display 24 can be controlled by data provided on the address line 66and data line 65 which are connected to the display 24 by the buses 81and 85, respectively. The signal on line 106 is also provided toinverter 103 by line 101 and acts as an interrupt so that the processorcan monitor the signals on the data line 65 and address line 66, vialines 118, to determine whether those signals are intended for theprocessor 28.

When it is desired to place the device into security mode, a key or codecan be keyed into the keyboard 12 which is received by the processor 28in the manner referred to above. A high signal on address line 66′,which may form part of the code, will cause the inverter 104 to output alow signal to turn off the transistor 105 and disable the display 24from control by the electronics 11 and the data bus 19.

When the processor 28 receives the indication that security mode isrequired, the processor 28 outputs a signal on lines 69 and 70 so as tochange the state of the field-effect transistors 64 and 67. The changein state of the signal on line 69 is inverted by inverter 89 whichswitches on the field effect transistors 80 and 83 so that the display24 can be addressed and data provided to display 24 from the memories 32under the control of the processor 28. Input commands from the keypad 12can then only pass to display 24 from the line 60, via the processor 28,and then from the processor 28 to the display 24. Since the transistors64, 67 and 72 are switched off, it is not possible for the controllingelectronics 11 or the data bus 19 to access the keypad 12 or the display24.

The processor 28 also outputs a signal on line 112 which is inverted byinverter 113 so that a signal is provided on line 114 for enabling theLCD display 24 (so the display can display the data received on the bus81) under the control of the processor 28 and also receive read/writesignals from processor 28, via lines 106′ and 106″.

The signal on line 69 b is also inverted by the inverter 89 and suppliedto the processors 28 to cause the processor 28 to display the iconshowing that the device is in the security mode.

When the secure functions, such as the EFTPOS transaction, is completed,the device can return to its normal state by changing the status of theoutputs on lines 69 and 70. This reactivates the field-effecttransistors 64,67 and 72 so that the keypad 12 can again communicatewith the controlling electronics 11 and signals outputted on data bus 19direct to display 24. The change in status of the signal on line 69 alsoswitches off the transistors 80 and 83.

According to the preferred embodiment of the invention the displaydevice 20 becomes the master of both the display 24 and keypad 12.During normal use, the personal device, such as the mobile telephone 10,is allowed by the controller 26 to display information on the display24, and also receive information from the keypad 12. However, when thedevice is placed into the secure condition the controlling electronics11 cannot access the display 24 nor receive information from the keypad12. In this mode the controller 26 switches control of the keypad 12 andthe display 24 from the controlling electronics 11 to itself andswitches on the icon 50 to show that the mobile telephone is now in thesecure condition in which a financial transaction can be performed.

The mobile phone can then perform a secure EFTPOS transaction, whilstpreventing the personal device 10 from intercepting, viewing ortampering with any of data passed between itself, the user, and theEFTPOS network. Once a transaction is complete, control of the display24 and the keypad 12 is passed back to the personal device 10 itself,and the EFTPOS controller resumes it passive display role in which itmerely enables transmission of information from the controllingelectronics 11 to/from the display 24 and keypad 12.

Since modifications within the spirit and scope of the invention mayreadily be effected by persons skilled within the art, it is to beunderstood that this invention is not limited to the particularembodiment described by way of example hereinabove.

1-32. (canceled)
 33. A display device for a personal device intended toperform financial transactions as well as personal functions other thanfinancial transactions, the display device comprising; a display fordisplaying information to a user; and a financial transaction controllercoupled to the display, wherein the financial transaction controllerselectively allows the display and an input device to operate under thecontrol of the personal device to enable personal functions other thanfinancial transactions to be performed, and wherein the financialtransaction controller assumes control of the display and the inputdevice to prevent tampering with or tapping off of data entered into theinput device or stored in the financial transaction controller during afinancial transaction.
 34. The display device of claim 33, wherein thefinancial transaction controller is an electronic funds transfer pointof sale (EFTPOS) controller that includes a processor, a display driverconnected to the processor and a secure memory coupled to the processor,and wherein the secure memory stores secure data and the processor iscoupled to the display by the display driver.
 35. The display device ofclaim 34, wherein the personal device includes controlling electronics,and wherein the display device includes circuitry for coupling theprocessor to the input device and the controlling electronics of thepersonal device.
 36. The display device of claim 33, wherein thefinancial transaction controller is physically attached to the display.37. The display device of claim 33, wherein the financial transactioncontroller is integrated with the display.
 38. The display device ofclaim 33, wherein the financial transaction controller is integratedwith the display by connecting the financial transaction controller to aprinted circuit board (PCB) that includes a display driver forcontrolling the display.
 39. The display device of claim 33, wherein thedisplay is a liquid crystal display (LCD) having a glass face and thefinancial transaction controller is directly mounted onto the glass faceof the LCD by a chip on glass process.
 40. The display device of claim35, wherein the display device is coupled to the controlling electronicsof the personal device by a zero insertion force connector, and whereindisconnection of the display device from the controlling electronicsprovides a trigger signal that causes data within the financialtransaction controller to be erased to prevent unauthorized access ofthe data.
 41. The display device of claim 40, wherein a circuitloop-back in the zero insertion force connector provides the triggersignal to the financial transaction controller, and wherein the dataincludes a banking key.
 42. The display device of claim 33, wherein theinput device is a keypad.
 43. The display device of claim 33, whereinthe financial transaction controller is an application specificintegrated circuit (ASIC).
 44. The display device of claim 33, whereinthe financial transaction controller is a hybrid circuit.
 45. Thedisplay device of claim 33, wherein the financial transaction controlleris configured to selectively control a plurality of different displaysthat may be used in different types of personal devices.
 46. The displaydevice of claim 33, wherein the personal device includes a communicationcircuit for transmitting data relating to the financial transactions toa financial transaction network and for receiving data from thefinancial transaction network.
 47. The display device of claim 33,wherein the personal device includes an input for activation by anoperator to place the display device in a secure condition forperforming a financial transaction.
 48. A financial transaction devicefor performing financial transactions as well as personal functionsother than financial transactions, the device comprising: an inputdevice for the entry of data into the financial transaction device; adisplay for displaying information to a user; a financial transactioncontroller coupled to the display and the input device; and a personaldevice including controlling electronics coupled to the financialtransaction controller, wherein the personal device is configured tocontrol the financial transaction device to perform personal functionsother than financial transactions, and wherein the financial transactioncontroller selectively allows the display and the input device tooperate under the control of the controlling electronics to enablepersonal functions other than financial transactions, where thefinancial transaction controller assumes control of the display and theinput device to prevent the controlling electronics from accessing thedisplay and the input device to prevent tampering with or tapping off ofdata entered into the input device or stored in the financialtransaction controller during a financial transaction.
 49. The device ofclaim 47, wherein the financial transaction controller includes aprocessor, a display driver coupled to the processor and a secure memorycoupled to the processor, and wherein the secure memory stores securedata and the processor is coupled to the display by the display driver.50. The device of claim 48, wherein the financial transaction controlleris physically attached to the display.
 51. The device of claim 48,wherein the financial transaction controller is integrated with thedisplay.
 52. The device of claim 48, wherein the financial transactioncontroller is integrated with the display by connecting the financialtransaction controller to a printed circuit board (PCB) that includes adisplay driver for controlling the display.
 53. The device of claim 48,wherein the display is a liquid crystal display (LCD) having a glassface and the financial transaction controller is directly mounted ontothe glass face of the LCD by a chip on glass process.
 54. The device ofclaim 48, wherein the controlling electronics include a communicationcircuit for transmitting and receiving information.
 55. A mobiletelephone for performing financial transactions as well as mobiletelephone calls other than financial transactions, the mobile telephonecomprising: an input device for the entry of data into the mobiletelephone; a display for displaying information to a user; controllingelectronics for enabling a mobile telephone call to be performed withthe mobile telephone; a financial transaction controller coupled to thedisplay, wherein the financial transaction controller selectively allowsthe input device and the display to be coupled to the controllingelectronics to enable mobile telephone calls other than financialtransactions, and wherein the financial transaction controllerdisconnects the controlling electronics from the display and the inputdevice and assumes control of the display and the input device toperform a financial transaction.
 56. The telephone of claim 55, whereinthe financial transaction controller is an electronic funds transferpoint of sale (EFTPOS) controller that includes a processor, a displaydriver coupled to the processor and a secure memory coupled to theprocessor, and wherein the secure memory stores secure data and theprocessor is coupled to the display by the display driver.
 57. Thetelephone of claim 56, wherein the processor is also coupled to theinput device and the controlling electronics of the personal device. 58.The telephone of claim 55, wherein the financial transaction controlleris physically attached to the display.
 59. The telephone of claim 55,wherein the financial transaction controller is integrated with thedisplay.
 60. The telephone of claim 55, wherein the financialtransaction controller is integrated with the display by connecting thefinancial transaction controller to a printed circuit board (PCB) thatincludes a display driver for controlling the display.
 61. The telephoneof claim 55, wherein the display is a liquid crystal display (LCD)having a glass face and the financial transaction controller is directlymounted onto the glass face of the LCD by a chip on glass process. 62.The telephone of claim 55, wherein the financial transaction controllerenables communication between the controlling electronics, the displayand the input device during the performance of personal functions otherthan financial transactions.
 63. The telephone of claim 55, wherein thecontrolling electronics cannot access the display or the input deviceduring a financial transaction, and wherein the financial transactioncontroller communicates with the controlling electronics to facilitatedata transmission and reception for a financial transaction in a mobiletelephone call to a financial system network.
 64. The telephone of claim55, wherein the input device is a keypad.